[Emerging-updates] Daily Ruleset Update Summary 2017/04/27

Travis Green tgreen at emergingthreats.net
Thu Apr 27 17:49:51 EDT 2017


[***]            Summary:            [***]

17 new Open, 42 new Pro (17 + 25). Word File Embedded in PDF, Misc Cobalt
Strike, MSIL/ClipBanker.BT, Various Phishing, Various Mobile


[+++]          Added rules:          [+++]

Open:

 2022987 - ET MALWARE LoadMoney Checkin 5 (malware.rules)
 2024249 - ET MALWARE Loadmoney User Agent (malware.rules)
 2024250 - ET MALWARE Loadmoney.A Checkin 1 (malware.rules)
 2024251 - ET MALWARE Loadmoney.A Checkin 2 (malware.rules)
 2024252 - ET MALWARE Loadmoney.A Checkin 3 (malware.rules)
 2024253 - ET MALWARE Loadmoney.A Checkin 4 (malware.rules)
 2024254 - ET MALWARE Loadmoney.A Checkin 6 (malware.rules)
 2024255 - ET MALWARE Loadmoney.A Checkin 7 (malware.rules)
 2024256 - ET MALWARE Loadmoney.A Checkin 5 (malware.rules)
 2024257 - ET MALWARE Loadmoney.A Checkin 8 (malware.rules)
 2024258 - ET MALWARE Loadmoney Checkin 1 (malware.rules)
 2024259 - ET MALWARE Loadmoney Checkin 2 (malware.rules)
 2024260 - ET MALWARE Win32.LoadMoney User Agent (malware.rules)
 2024261 - ET MALWARE Loadmoney Checkin 3 (malware.rules)
 2024262 - ET MALWARE Loadmoney Checkin 4 (malware.rules)
 2024263 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain (trojan.rules)
 2024264 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain (trojan.rules)

Pro:

 2826135 - ETPRO CURRENT_EVENTS Successful iCloud Phish Apr 27 2017 (current_events.rules)
 2826136 - ETPRO CURRENT_EVENTS Successful RBC Royal Bank Phish Apr 27 2017 (current_events.rules)
 2826137 - ETPRO CURRENT_EVENTS Successful Dropbox Phish Apr 27 2017 (current_events.rules)
 2826138 - ETPRO CURRENT_EVENTS Email Settings Verification Phishing Landing Apr 27 2017 (current_events.rules)
 2826139 - ETPRO CURRENT_EVENTS Successful Email Settings Verification Phish Apr 27 2017 (current_events.rules)
 2826140 - ETPRO CURRENT_EVENTS Adobe Protected PDF Phishing Landing Apr 27 2017 (current_events.rules)
 2826141 - ETPRO CURRENT_EVENTS Successful HM Revenue & Customs Phish Apr 27 2017 (current_events.rules)
 2826142 - ETPRO TROJAN Cobalt Strike Trial HTTP Response Header (X-Malware) (trojan.rules)
 2826143 - ETPRO TROJAN Cobalt Strike Trial HTTP Response Header (EICAR) (trojan.rules)
 2826144 - ETPRO CURRENT_EVENTS Successful Facebook Phish Apr 27 2017 (current_events.rules)
 2826145 - ETPRO TROJAN Malicious SSL Certificate Detected (CobaltStrike Dropper) (trojan.rules)
 2826146 - ETPRO CURRENT_EVENTS Successful Apple Phish Apr 27 2017 (current_events.rules)
 2826147 - ETPRO CURRENT_EVENTS Successful Paypal Phish Apr 27 2017 (current_events.rules)
 2826148 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.o Contact Exfil (mobile_malware.rules)
 2826149 - ETPRO TROJAN Suspicious Word File Embedded in PDF - Possible Locky/Dridex (HTTP) (trojan.rules)
 2826150 - ETPRO TROJAN Suspicious Word File Embedded in PDF - Possible Locky/Dridex M1 (trojan.rules)
 2826151 - ETPRO TROJAN Suspicious Word File Embedded in PDF - Possible Locky/Dridex M2 (trojan.rules)
 2826152 - ETPRO TROJAN Suspicious Word File Embedded in PDF - Possible Locky/Dridex M3 (trojan.rules)
 2826153 - ETPRO TROJAN MSIL/ClipBanker.BT CnC Checkin (trojan.rules)
 2826154 - ETPRO TROJAN Cobalt Strike Malleable C2 Webbug Profile (trojan.rules)
 2826155 - ETPRO MALWARE Wizzcaster Adware/PUP Downloads Inbound (malware.rules)
 2826156 - ETPRO TROJAN JS Loader PE Download (trojan.rules)
 2826157 - ETPRO TROJAN JS Loader Payload Request (trojan.rules)
 2826158 - ETPRO CURRENT_EVENTS Successful Amazon Phish via JS Form in PDF Apr 27 2017 (current_events.rules)
 2826159 - ETPRO INFO Possible Successful Credential Phish via JS Form in PDF Apr 27 2017 (info.rules)


[///]     Modified active rules:     [///]

 2017787 - ET MOBILE_MALWARE Android.KorBanker Fake Banking App Install CnC Beacon (mobile_malware.rules)


[---]         Removed rules:         [---]

 2022911 - ET MALWARE LoadMoney User-Agent (malware.rules)
 2022987 - ET TROJAN LoadMoney Checkin 3 (trojan.rules)
 2805850 - ETPRO TROJAN Loadmoney.A Checkin 1 (trojan.rules)
 2805851 - ETPRO TROJAN Loadmoney.A Checkin 2 (trojan.rules)
 2806326 - ETPRO TROJAN Loadmoney.A Checkin 3 (trojan.rules)
 2806385 - ETPRO TROJAN Loadmoney.A Checkin 4 (trojan.rules)
 2807004 - ETPRO TROJAN Loadmoney.A Checkin 6 (trojan.rules)
 2807025 - ETPRO TROJAN Loadmoney.A Checkin 7 (trojan.rules)
 2807235 - ETPRO TROJAN Loadmoney.A Checkin 5 (trojan.rules)
 2808508 - ETPRO TROJAN Loadmoney.A Checkin 8 (trojan.rules)
 2809822 - ETPRO TROJAN Loadmoney Checkin (trojan.rules)
 2810086 - ETPRO TROJAN Win32.Loadmoney Checkin 2 (trojan.rules)
 2810094 - ETPRO MALWARE Win32.LoadMoney User Agent (malware.rules)
 2810544 - ETPRO TROJAN Loadmoney Checkin 2 (trojan.rules)
 2812429 - ETPRO TROJAN Win32/Kryptik.DTJT Downloader GET (trojan.rules)
 2812650 - ETPRO MALWARE Win32/Kryptik.DUHH Variant Activity (malware.rules)
 2814730 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.EC Checkin (mobile_malware.rules)
 2822127 - ETPRO MOBILE_MALWARE Riskware Android/Packed.Jiagu.A Checkin (mobile_malware.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>